Ngiler SH3LL 360
:
/
home
/
tbf
/
tbfguestbe.tbf.ro
/
app
/
Http
/
Controllers
/
Api
/
Information Server
MySQL :
OFF
Perl :
OFF
CURL :
ON
WGET :
OFF
PKEXEC :
OFF
Directive
Local Value
IP Address
89.40.16.97
System
Linux server.atelieruldeit.ro 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64
User
tbf
PHP Version
7.3.33
Software
Apache
Doc root
Writable
Edit File :
AuthController.php
| Size :
9.64
KB
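<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Http\Resources\AuthUserResource;
use App\Http\Resources\InstanceResource;
use App\Http\Resources\UserResource;
use App\Models\Impersonation;
use App\Models\User;
use Illuminate\Auth\Events\PasswordReset;
use Illuminate\Contracts\Encryption\DecryptException;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Validator;
use Illuminate\Support\Facades\Auth;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\Crypt;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Password;

/**
 * API authentication endpoints: registration, token login/refresh/logout,
 * impersonation, password reset and invitation lookup.
 *
 * Tokens are issued through createToken() on the User model and returned as
 * plain text in the JSON payload. Route middleware (authentication, role
 * checks, throttling) is defined outside this file and is not visible here.
 */
class AuthController extends BaseController
{
    /**
     * Register api
     *
     * Creates a user from the validated fields and returns a fresh token.
     *
     * @param Request $request
     *
     * @return JsonResponse
     */
    public function register(Request $request): JsonResponse
    {
        $validator = Validator::make($request->all(), [
            'first_name' => 'required',
            'last_name' => 'required',
            'email' => 'required|email',
            'password' => 'required|min:6',
            'password_confirmation' => 'required|same:password',
        ]);

        if ($validator->fails()) {
            return $this->sendError('Validation Error.', $validator->errors());
        }

        // Only the validated fields reach the model. Passing $request->all()
        // would leave it to User::$fillable / $guarded (not visible here) to
        // keep client-supplied role, instance or flag columns out of the row.
        // Any additional profile field needs a validation rule above and an
        // explicit entry here.
        $user = User::create([
            'first_name' => $request->input('first_name'),
            'last_name' => $request->input('last_name'),
            'email' => $request->input('email'),
            'password' => bcrypt($request->input('password')),
        ]);

        $success = [
            'token' => $user->createToken('MyApp')->plainTextToken,
            'first_name' => $user->first_name,
            'last_name' => $user->last_name,
        ];

        return $this->sendResponse($success, 'User register successfully.');
    }

    /**
     * Login api
     *
     * Checks the credentials, rejects users whose instance is disabled and
     * only then issues a token named after the client's User-Agent.
     *
     * @param Request $request
     *
     * @return JsonResponse
     */
    public function login(Request $request): JsonResponse
    {
        $credentials = ['email' => $request->email, 'password' => $request->password];

        if (!Auth::attempt($credentials)) {
            return $this->sendError('Unauthorised.', ['error' => 'Unauthorised']);
        }

        $user = Auth::user();

        // The disabled-account check runs before any token is created, so a
        // rejected login does not leave a valid, unreturned token behind.
        // NOTE(review): assumes every user has an instance; invitation()
        // treats the relation as optional - confirm.
        if ($user->instance->disable_account) {
            return response()->json([
                'status' => 'error',
                'message' => "Accesul la softul TBF AI a fost revocat. S-a terminat perioada pentru care ai platit. Contul tau este inactiv. 
Pentru informatii de acces sau alte detalii scrie un email la contact@tbf.ro.",
            ], 405);
        }

        $success = [
            'token' => $user->createToken($this->accessTokenName($request))->plainTextToken,
            'first_name' => $user->first_name,
            'last_name' => $user->last_name,
        ];

        return $this->sendResponse($success, 'User login successfully.');
    }

    /**
     * Refresh SANCTUM token
     *
     * Deletes the token used for this request and issues a new one.
     *
     * @param Request $request
     *
     * @return JsonResponse
     */
    public function refresh(Request $request): JsonResponse
    {
        $user = auth()->user();
        $user->currentAccessToken()->delete();

        $success = [
            'token' => $user->createToken($this->accessTokenName($request))->plainTextToken,
            'first_name' => $user->first_name,
            'last_name' => $user->last_name,
        ];

        return $this->sendResponse($success, 'User login successfully.');
    }

    /**
     * Logout api
     *
     * @return JsonResponse
     */
    public function logout(): JsonResponse
    {
        // Revoke the token that was used to authenticate the current request.
        auth()->user()->currentAccessToken()->delete();

        return response()->json([
            'status' => 'Success',
            'message' => 'User logout successfully.',
        ]);
    }

    /**
     * Logout all devices api
     *
     * @return JsonResponse
     */
    public function logoutAllDevices(): JsonResponse
    {
        // Revoke all tokens...
        auth()->user()->tokens()->delete();

        return response()->json([
            'status' => 'Success',
            'message' => 'User logout successfully from all devices.',
        ]);
    }

    /**
     * Get authenticated user
     */
    public function user()
    {
        return response()->json([
            'status' => 'success',
            'data' => new AuthUserResource(auth()->user()),
        ]);
    }

    /**
     * Impersonate another user
     *
     * Issues a token for the target user and records which user requested it
     * in an Impersonation row keyed by the new token's id.
     *
     * @param int $userId
     *
     * @return JsonResponse
     */
    public function impersonate(int $userId)
    {
        $impersonator = auth()->user();
        $persona = User::find($userId);

        // Check if persona user exists, can be impersonated and if the impersonator has the right to do so.
        // A refusal is an explicit 403: returning false from a controller is
        // rendered as an empty successful response, which hides the denial
        // from clients and from access logs.
        if (!$persona || !$persona->canBeImpersonated() || !$impersonator->canImpersonate()) {
            return response()->json([
                'success' => false,
                'message' => 'Impersonation not allowed.',
            ], 403);
        }

        // Create new token for persona
        $personaToken = $persona->createToken('IMPERSONATION token');

        // Save impersonator and persona token references
        $impersonation = new Impersonation();
        $impersonation->user_id = $impersonator->id;
        $impersonation->personal_access_token_id = $personaToken->accessToken->id;
        $impersonation->save();

        // For now the super admin's own token is not deleted.
        // $impersonator->currentAccessToken()->delete();

        $data = [
            'token' => $personaToken->plainTextToken,
            'first_name' => $persona->first_name,
        ];

        $response = [
            'success' => true,
            'data' => $data,
            'message' => 'User impersonated with success',
        ];

        return response()->json($response, 200)->withHeaders([
            'Authorization' => $data['token'],
        ]);
    }

    /**
     * Leave impersonation
     *
     * Looks up the Impersonation row for the current token, issues a new
     * token for the original user and deletes the impersonation token.
     *
     * @return JsonResponse
     */
    public function leaveImpersonate()
    {
        // Get impersonated user
        $impersonatedUser = auth()->user();

        // Find the impersonating user
        $currentAccessToken = $impersonatedUser->currentAccessToken();
        $impersonation = Impersonation::where('personal_access_token_id', $currentAccessToken->id)->first();
        $impersonator = $impersonation ? User::find($impersonation->user_id) : null;

        // A token that was not issued by impersonate(), or whose impersonator
        // no longer exists, must not mint a token for anyone.
        if (!$impersonator) {
            return response()->json([
                'success' => false,
                'message' => 'No active impersonation for this token.',
            ], 403);
        }

        $impersonatorToken = $impersonator->createToken('UNIMPERSONATION token')->plainTextToken;

        // Logout impersonated user
        $impersonatedUser->currentAccessToken()->delete();

        $data = [
            'token' => $impersonatorToken,
            'first_name' => $impersonator->first_name,
        ];

        $response = [
            'success' => true,
            'data' => $data,
            'message' => 'User unimpersonated with success',
        ];

        return response()->json($response, 200)->withHeaders([
            'Authorization' => $data['token'],
        ]);
    }

    /**
     * Reset password
     *
     * @param Request $request
     *
     * @return JsonResponse
     */
    public function resetPassword(Request $request)
    {
        $request->validate([
            'token' => 'required',
            'email' => 'required|email',
            'password' => 'required|min:6|confirmed',
        ]);

        $status = Password::reset(
            $request->only('email', 'password', 'password_confirmation', 'token'),
            function (User $user, string $password) {
                $user->forceFill([
                    'password' => bcrypt($password),
                ]);
                $user->save();

                event(new PasswordReset($user));

                // update invitation_url to null after invitation accepted
                $user->update(['invitation_url' => null]);

                // NOTE(review): API tokens issued before the reset stay valid;
                // confirm whether they should be revoked here, as
                // logoutAllDevices() does with tokens()->delete().
            }
        );

        return $status === Password::PASSWORD_RESET
            ? $this->sendResetResponse()
            : $this->sendResetFailedResponse($request->email);
    }

    /**
     * Get information about who invite this user.
     *
     * The `user` parameter is the invited address encrypted with the
     * application key; `token` is checked against the password broker before
     * any user data is returned.
     *
     * @param Request $request
     *
     * @return JsonResponse
     */
    public function invitation(Request $request): JsonResponse
    {
        $request->validate([
            'token' => 'required|string',
            'user' => 'required|string',
        ]);

        // A tampered or truncated payload makes decryptString() throw; answer
        // with the ordinary failure response instead of an unhandled error.
        try {
            $decryptedEmail = Crypt::decryptString($request->input('user'));
        } catch (DecryptException $e) {
            return $this->sendResetFailedResponse('');
        }

        $user = User::where('email', $decryptedEmail)->first();

        // The submitted token has to match the stored reset token for this
        // user. Checking only that some token row exists for the address
        // would accept any value in `token`.
        // NOTE(review): this assumes the invitation link carries the same
        // token resetPassword() consumes - confirm against the mail template.
        if ($user && Password::tokenExists($user, $request->input('token'))) {
            $invitedByUser = $user->invitedByUser;
            $instance = $user->instance;

            return response()->json([
                'user' => new UserResource($user),
                'invitedByUser' => $invitedByUser ? new UserResource($invitedByUser) : '',
                'instance' => $instance ? new InstanceResource($instance) : '',
            ], 200);
        }

        return $this->sendResetFailedResponse('');
    }

    /**
     * Send Password Reset Link
     *
     * NOTE(review): the sent and failed outcomes use different responses,
     * whose bodies are defined outside this file; if they differ visibly,
     * the endpoint reveals whether an address is registered.
     */
    public function sendPasswordResetLink(Request $request)
    {
        $request->validate(['email' => 'required|email']);

        $status = Password::sendResetLink($request->only('email'));

        if ($status === Password::RESET_LINK_SENT) {
            return $this->sendResetLinkResponse();
        }

        if ($status === Password::RESET_THROTTLED) {
            return $this->sendResetLinkFailedToManyRequest();
        }

        return $this->sendResetLinkFailedResponse();
    }

    /**
     * Get a new Password Reset Link
     *
     * NOTE(review): the response contains a usable reset link for the given
     * user, so whoever can call this route can take over that account. The
     * route's middleware is not visible here - confirm it is limited to
     * trusted administrators.
     */
    public function getResetPasswordLink(User $user)
    {
        $token = Password::createToken($user);
        $resetLink = config('app.fe_url').'/reset-password/'.$token;

        return response()->json([
            'status' => 'Success',
            'reset_link' => $resetLink,
        ], 200);
    }

    /**
     * Build the token name from the client's User-Agent header.
     *
     * The header is client-controlled and may be absent; createToken() needs
     * a string, so a missing header gets a fixed name. The value is cut to
     * 255 characters, presumably the width of the token name column -
     * confirm against the personal access tokens migration.
     */
    private function accessTokenName(Request $request): string
    {
        $userAgent = (string) $request->header('User-Agent', '');

        if ($userAgent === '') {
            return 'unknown-device';
        }

        return mb_substr($userAgent, 0, 255);
    }
}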